Jump to content

Event ID 13, MSFTPSVC Cannot access the home directory


Recommended Posts

First let me say my FTP Site with Active Directory User Isolation has functioned in the past until recently. Even now the behavior is very strange.

* I can still login with no issues

* A service account that was able to login previously with no issues, is no longer able to login , home directory inaccessible.

* New User accounts I create cannot access their home directories.

Here is my work flow for creating new users in ADUC and allowing them access to FTP.

1. Create new domain user account

2. Open domain User Account Properties, Select Member Of tab, add them to the FTP User Group

3. Open ADSI Edit, add entries for the users FTP root directory and folder.

4. Navigate to the ftp server, create the user home folder

5. Verify read, write, modify access on FTP

This is the folder structure that allows the user access

[ftp server]

Inetpub

- FTPROOT (FTP Users have full control over this directory)

- [user Directory]

All FTP user home directories are in this folder

So for ADSI Edit entries I would have

msIIS-FTPDir \[foldername] (I create this folder when needed)

msIIS-FTPRoot \\[servername]\ftproot\ (does not change for any user)

Notable items

* The local Administrator password was changed within the last 2 weeks

*The service account (used to move backups to the ftp) could no longer move the backups as of about 2 weeks ago

* I have tried deleting and recreating the FTP Site

* I have tried uninstalling and reinstalling IIS via add/remove windows components, I would think uninstalling and/or creating a new FTP site would negate any effect of changing the local administrator password.

Another strange point, when trying to get the UserIsolation Mode via ADSutil.vbs i get an error

Here's the command:

C:\Inetpub\AdminScripts\cscript adsutil.vbs get MSFTPSVC/63361983/UserIsolationMode

Here's the result:

Microsoft ® Windows Script Host Version 5.6

Copyright © Microsoft Corporation 1996-2001. All Rights reserved

ErrNumber: -2146646000 (0x800CC810)

Error Trying to GET the Object (GetObject Failed): MSFTPSVC/63361983

63361983 is the FTP Site in question

This is Windows 2003 SP1

Website I have already visited:

http://www.microsoft.com/technet/community...er/default.mspx

http://blog.crowe.co.nz/archive/2006/09.aspx

Additionally

I have filemon currently running on the server. When I log into FTP I can see the success result of routing my personal account to the appropriate directory path.

However when using this service account, nothing is displayed, not even a failure to open or access denied.

Please help

Link to comment
Share on other sites


Just got off the phone with Microsoft. We ended up creating a new FTP SIte with Active DIrectory User Isolation. We created a new service account and granted it Domain Administrator permissions and it worked. Still doesn't explain why it worked in the past with the old service account without Domain Admin permissions...maybe a security patch? I am now waiting to here back regarding the minimum permissions required for the MSFTPSVC service account.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...